From f3deedded7226cee97d47a28db57202d2a39c17c Mon Sep 17 00:00:00 2001
From: Phil Sutter <psutter@redhat.com>
Date: Tue, 6 Sep 2022 14:00:37 +0200
Subject: [PATCH] conntrack-tools-1.4.5-16

- local: Avoid sockaddr_un::sun_path buffer overflow

Resolves: rhbz#2122946
---
 ...sockaddr_un-sun_path-buffer-overflow.patch | 60 +++++++++++++++++++
 conntrack-tools.spec                          |  6 +-
 2 files changed, 65 insertions(+), 1 deletion(-)
 create mode 100644 0019-local-Avoid-sockaddr_un-sun_path-buffer-overflow.patch

diff --git a/0019-local-Avoid-sockaddr_un-sun_path-buffer-overflow.patch b/0019-local-Avoid-sockaddr_un-sun_path-buffer-overflow.patch
new file mode 100644
index 0000000..7ce229a
--- /dev/null
+++ b/0019-local-Avoid-sockaddr_un-sun_path-buffer-overflow.patch
@@ -0,0 +1,60 @@
+From 937ae00b413b46f84aa77b5ca0dae38ed2b3415a Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil@nwl.cc>
+Date: Wed, 31 Aug 2022 13:00:52 +0200
+Subject: [PATCH] local: Avoid sockaddr_un::sun_path buffer overflow
+
+The array's size in struct sockaddr_un is only UNIX_PATH_MAX and
+according to unix(7), it should hold a null-terminated string. So adjust
+config reader to reject paths of length UNIX_PATH_MAX and above and
+adjust the internal arrays to aid the compiler.
+
+Fixes: f196de88cdd97 ("src: fix strncpy -Wstringop-truncation warnings")
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+(cherry picked from commit 96980c548d3a1aeb07ab6aaef45389efb058a69a)
+---
+ include/local.h      | 4 ++--
+ src/read_config_yy.y | 6 +++---
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/include/local.h b/include/local.h
+index 9379446732eed..22859d7ab60aa 100644
+--- a/include/local.h
++++ b/include/local.h
+@@ -7,12 +7,12 @@
+ 
+ struct local_conf {
+ 	int reuseaddr;
+-	char path[UNIX_PATH_MAX + 1];
++	char path[UNIX_PATH_MAX];
+ };
+ 
+ struct local_server {
+ 	int fd;
+-	char path[UNIX_PATH_MAX + 1];
++	char path[UNIX_PATH_MAX];
+ };
+ 
+ /* callback return values */
+diff --git a/src/read_config_yy.y b/src/read_config_yy.y
+index 401a1575014d0..d208a6a0617cf 100644
+--- a/src/read_config_yy.y
++++ b/src/read_config_yy.y
+@@ -699,12 +699,12 @@ unix_options:
+ 
+ unix_option : T_PATH T_PATH_VAL
+ {
+-	if (strlen($2) > UNIX_PATH_MAX) {
++	if (strlen($2) >= UNIX_PATH_MAX) {
+ 		dlog(LOG_ERR, "Path is longer than %u characters",
+-		     UNIX_PATH_MAX);
++		     UNIX_PATH_MAX - 1);
+ 		exit(EXIT_FAILURE);
+ 	}
+-	snprintf(conf.local.path, sizeof(conf.local.path), "%s", $2);
++	strcpy(conf.local.path, $2);
+ 	free($2);
+ };
+ 
+-- 
+2.34.1
+
diff --git a/conntrack-tools.spec b/conntrack-tools.spec
index b5f22f1..b1cac76 100644
--- a/conntrack-tools.spec
+++ b/conntrack-tools.spec
@@ -1,6 +1,6 @@
 Name:           conntrack-tools
 Version:        1.4.5
-Release:        15%{?dist}
+Release:        16%{?dist}
 Summary:        Manipulate netfilter connection tracking table and run High Availability
 License:        GPLv2
 URL:            http://conntrack-tools.netfilter.org/
@@ -26,6 +26,7 @@ Patch15:        0015-Drop-pointless-assignments.patch
 Patch16:        0016-connntrack-Fix-for-memleak-when-parsing-j-arg.patch
 Patch17:        0017-src-fix-strncpy-Wstringop-truncation-warnings.patch
 Patch18:        0018-conntrack-fix-compiler-warnings.patch
+Patch19:        0019-local-Avoid-sockaddr_un-sun_path-buffer-overflow.patch
 
 BuildRequires:  gcc
 BuildRequires:  libnfnetlink-devel >= 1.0.1, libnetfilter_conntrack-devel >= 1.0.7
@@ -106,6 +107,9 @@ install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/conntrackd/
 %systemd_postun conntrackd.service 
 
 %changelog
+* Tue Sep 06 2022 Phil Sutter <psutter@redhat.com> - 1.4.5-16
+- local: Avoid sockaddr_un::sun_path buffer overflow
+
 * Mon Aug 15 2022 Phil Sutter <psutter@redhat.com> - 1.4.5-15
 - conntrack: fix compiler warnings
 - src: fix strncpy -Wstringop-truncation warnings